Skip to main content

Websphere Deployer

5 CVEs product

Monthly

CVE-2020-2108 Maven HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins IBM XXE Websphere Deployer
NVD
CVSS 3.1
7.6
EPSS
0.9%
CVE-2019-16561 Maven HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Websphere Deployer
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2019-16560 Maven HIGH This Week

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins CSRF Websphere Deployer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16559 Maven MEDIUM This Month

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Jenkins Websphere Deployer
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-1003056 Maven HIGH This Week

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Websphere Deployer
NVD
CVSS 3.1
8.8
EPSS
1.4%
EPSS 1% CVSS 7.6
HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins IBM XXE +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins CSRF +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Jenkins +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy